Our optimized Managed Detection and Response (MDR) onboarding process delivers fast and effective protection for the most common points of attack: endpoints, identities and email. Microsoft Defender and Microsoft Sentinel play a central role in it.
Protection of the most important points of attack
Our MDR approach focuses on three key areas:
1. Endpoints: protecting clients, servers and mobile devices as well as IoT and OT devices.
2. Identities: protecting employee accounts.
3. Email security: protecting against threats delivered by email.
Rapid onboarding with Microsoft technologies
Through the Microsoft Defender and Sentinel interfaces, we can quickly configure and monitor customer environments. The onboarding process typically involves the following steps:
1. Configure access to the customer's Defender environment (approx. 15-45 minutes)
2. Configure access to the Sentinel environment and, if necessary, set Sentinel up (approx. 15-45 minutes, depending on whether Sentinel is already deployed)
3. Configure the connection between Sentinel and Defender (15-30 minutes)
4. Review the Defender configuration (30-60 minutes)
5. Configure Sentinel analytics rules and UEBA (User and Entity Behavior Analytics) (30-60 minutes)
Once these steps are complete, data is already flowing and we can actively monitor parts of the customer environment.
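The Sentinel-side steps above (2, 3 and 5) expressed as infrastructure-as-code, added here as an illustration and not the provider's own onboarding tooling. It assumes a fresh resource group; the workspace name, retention period and UEBA data sources are example choices, the Defender XDR connector is the `MicrosoftThreatProtection` connector kind, and the API versions are the ones assumed here and should be checked against the current Azure resource reference. Step 1 (access to the Defender tenant) and step 4 (reviewing the Defender configuration) are done in the Defender portal and are not part of the template.

```bicep
// Added illustration, not the provider's onboarding artifact: Log Analytics workspace,
// Sentinel onboarding, Defender XDR data connector and UEBA in one deployment.
// Parameter defaults are placeholders; tenantId must be the customer's Entra ID tenant.
@description('Entra ID tenant whose Defender XDR incidents are ingested into Sentinel')
param tenantId string = subscription().tenantId
param workspaceName string = 'law-sentinel-mdr'   // example name
param location string = resourceGroup().location
param retentionInDays int = 90                    // example retention

// Step 2: workspace and Sentinel onboarding (a no-op on a workspace that already has Sentinel)
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    retentionInDays: retentionInDays
  }
}

resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  scope: workspace
  name: 'default'
  properties: {}
}

// Step 3: connect Defender XDR so its incidents (with their alerts and entities) land in Sentinel
resource defenderXdr 'Microsoft.SecurityInsights/dataConnectors@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'MicrosoftThreatProtection')
  kind: 'MicrosoftThreatProtection'
  properties: {
    tenantId: tenantId
    dataTypes: {
      incidents: { state: 'Enabled' }
    }
  }
  dependsOn: [ sentinel ]
}

// Step 5: UEBA requires the entity provider first, then the data sources it should baseline
resource entityAnalytics 'Microsoft.SecurityInsights/settings@2023-02-01-preview' = {
  scope: workspace
  name: 'EntityAnalytics'
  kind: 'EntityAnalytics'
  properties: {
    entityProviders: [ 'AzureActiveDirectory' ]
  }
  dependsOn: [ sentinel ]
}

resource ueba 'Microsoft.SecurityInsights/settings@2023-02-01-preview' = {
  scope: workspace
  name: 'Ueba'
  kind: 'Ueba'
  properties: {
    // example data sources; SecurityEvent only has an effect once Windows event collection is connected
    dataSources: [ 'AuditLogs', 'AzureActivity', 'SecurityEvent', 'SigninLogs' ]
  }
  dependsOn: [ entityAnalytics ]
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file main.bicep`. The identity running the deployment needs Contributor on the resource group plus the Microsoft Sentinel Contributor role on the workspace, and enabling the Defender XDR connector additionally requires a Security Administrator or Global Administrator in the customer tenant, which is why step 1 (access to the Defender environment) precedes it. Analytics rules from content hub solutions are installed separately once data is flowing, so this template covers the connector and UEBA part of step 5 only.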
Rollout and continuous monitoring
Following the initial setup, two main rollout steps are scheduled with the customer:
1. Rollout of the Defender for Endpoint (EDR) client to prioritized systems (e.g. domain controllers, key servers and workstations)
2. Installation and configuration of Defender for Identity (sensors on the domain controllers)
After the full setup, we can see and react to alerts in near real time. Tuning is still required, but we already have a good overview of the security posture.
Standardized process with individual adjustments
Our onboarding process is standardized, which enables rapid implementation. Nevertheless, we take specific characteristics of each customer into account and create customized solutions. Our Cybersecurity Advisor will discuss escalation processes and incident response measures.
Increased efficiency through modern technologies
Setting up a SIEM (Security Information and Event Management) system used to be a time-consuming and complex procedure. By relying on a combination of XDR (Extended Detection and Response) and SIEM in the Azure cloud, we have considerably simplified and accelerated this process. Microsoft's technology, together with the software distribution and MDM (mobile device management) solutions already in place at most customer organizations, is a key factor for rapid implementation.
Advantages at a glance
- Rapid deployment of Microsoft Sentinel: enables a quick service start; custom log sources are onboarded as a separate work item.
- Activation and configuration of Microsoft Defender: according to the best practices of our core Defender XDR expert team.
- Defender for Endpoint: the sensor is built into current Windows versions and is easy to activate through the customer's software distribution.
- Straightforward distribution to Linux, macOS and mobile devices: via the customer's MDM solution.
- Tuning of alerts and onboarding of custom logs: takes place during operation, so basic protection exists from day one and is continuously expanded.
- Advice on attack surface reduction and vulnerability management: provided during operation, after the initial tuning phase.
Thanks to this optimized onboarding process, we offer our customers a fast and effective entry into the world of managed detection and response, with a focus on security, efficiency and customization. Request MDR for Microsoft now.